radare Nov 23, 2024

📚 “Comparing binaries with radiff2” - a video tutorial by Mohamed Atta Abozaid (Egypt)

👀 video https://youtu.be/RsI8hNhsi_U
👉source https://github.com/ReEng101/Binary-Comparison

#radare2 #reverseengineering #BinaryDiffing

Binary Comparison (How to use radiff2) #reverseengineering #radare2 #binary

YouTube
Joxean Koret (@matalaz)Nov 3, 2024

This paper looks promising: "SIGMADIFF: Semantics-Aware Deep Graph Matching for Pseudocode Diffing".

https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=9671&context=sis_research

#SigmaDiff #Pseudocode #Diffing #BinaryDiffing #BCSA

Show threadJoxean Koret (@matalaz)Sep 23, 2024

The code is also published (in github) already and #Diaphora now can use an already trained model to try to improve binary diffing results (matching). I haven't made yet a new release just yet as these changes are considered a bit experimental for now.

The datasets and tools for training and testing are here: https://github.com/joxeankoret/diaphora-ml
And Diaphora, is here: https://github.com/joxeankoret/diaphora

#Diaphora #BinaryDiffing #Bindiffing #ReverseEngineering #MachineLearning

GitHub - joxeankoret/diaphora-ml: Diaphora Machine Learning tools and datasets

Diaphora Machine Learning tools and datasets. Contribute to joxeankoret/diaphora-ml development by creating an account on GitHub.

GitHub
Joxean Koret (@matalaz)Sep 23, 2024

Here are the slides of my "Simple Machine Learning Techniques for Binary Diffing (with Diaphora)" talk given at the @44CON conference last week:

https://github.com/joxeankoret/diaphora-ml/blob/main/docs/diaphora-ml-techniques-44con-final.pdf

#44con #Diaphora #MachineLearning #ReverseEngineering #BinaryDiffing

diaphora-ml/docs/diaphora-ml-techniques-44con-final.pdf at main · joxeankoret/diaphora-ml

Diaphora Machine Learning tools and datasets. Contribute to joxeankoret/diaphora-ml development by creating an account on GitHub.

GitHub
Show threadJoxean Koret (@matalaz)Aug 15, 2024

This is not at all my own idea and this is, basically, the only thing that academia researches as of today: almost every single academic paper published in the last years talking about binary diffing (or, as academia calls it "Binary Code Similarity Analysis") is based on "machine learning" techniques.

Some popular academic examples: DeepBinDiff or BindiffNN. Don't worry if you don't know them. Nobody uses them. At all.

#BinDiff #BinaryDiffing #BinaryCodeSimilarityAnalysis

Joxean Koret (@matalaz)Feb 14, 2024

Any cool bug in Microsoft's February 2024 Patch Tuesday??

#PatchTuesday #BinaryDiffing #Diaphora

Joxean Koret (@matalaz)Jan 9, 2024

It's very sad, but it's always a damn waste of time reading academic research about binary diffing or, as it's called at the academia, about binary code similarity analysis. It's either all fairytales that cannot be proved or, plainly, false and/or wrong.

An example? One paper that I have re-read today says that #BinDiff and #Diaphora are mono-architecture and totally discard these tools for the paper. LOL.

#BinaryDiffing #BinDiffing #BinaryCodeSimilarityAnalysis

Joxean Koret (@matalaz)Oct 20, 2023

Fun Reverse Engineering problem du jour. A compilation unit is a set of functions. Cool. However, a function might belong to one or many compilation units.

For example, in #Diaphora, I used to think that once I have a compilation unit name for a function, that function belongs to just that one CU. However, if a function from, for example, a header file is in-lined inside a function, what compilation unit does that function belong to?

#ReverseEngineering #BinaryDiffing #BinDiffing

Joxean Koret (@matalaz)Oct 15, 2023

The support for finding fixed signedness issues in #Diaphora is working (to highlight potentially fixed vulnerabilites):

#BinaryDiffing #PatchDiffing

Joxean Koret (@matalaz)Oct 13, 2023
Me every time I have a "new" idea for doing #BinaryDiffing in #Diaphora with algorithms based on graph theory: